With the increase in client-server communications, as well as the increase in the value of the data being communicated, there is a corresponding increase in the want and need for secure protocols for those communications. While there are existing data protocols, such as PKI (public-key infrastructure), they are not suitable for all communications and data. Additionally, they often require additional user authentication for use.
One-time passwords (OTPs) are gaining in popularity as a secure method of user authentication, particularly for financial transactions. However, OTPs are not generally found suitable for use in data encryption.
There is a need for a secure protocol that permits both authentication and encryption. Preferably, the secure protocol is based on the OTP framework.
There is also a need for a secure client-server protocol that does not require the existence of a public-key infrastructure.
It is an object of this invention to partially or completely fulfill one or more of the above-mentioned needs.